Closed benlazaro closed 2 years ago
I checked the code and there are quite a few other places where the password is being logged in clear text. This happens when logging the contents of the text field in the GUI. The log statements that show the password with asterisks do so because the URL was already processed by the Apache VFS library and the getFriendlyName() method is invoked. I will submit a pull request for fixing this issue shortly.
Thank you @benlazaro. I merged it to master. It seems we have enough for a new release.
I was testing connectivity with a public SFTP server when I noticed in the olv.log file that there is a log statement that is not masking the password when logging the file that is being loaded by OLV. Below is a snippet of the logs, including the clear-text password, since it is from a publicly available SFTP test server.
The second line in the snippet displays the password in clear text, but the subsequent lines mask the password with asterisks. This should be easily reproducible by loading a log file (or any text file for that matter) via the SFTP:// command in the log viewer. I'm using OLV 1.4.16.
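
One way to mask the password in a raw URL string (such as the GUI text-field value described in this thread) before it reaches a logger, shown as an added example that is not OLV's code or the merged fix. The class and method names are hypothetical and the sample URLs are constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper: redacts the password part of scheme://user:password@host/... strings.
public class UrlRedactor {
    // Group 1: scheme and "//"; group 2: authority (up to the first '/', '?' or '#'); group 3: the rest.
    private static final Pattern URL_PARTS =
            Pattern.compile("^([a-zA-Z][a-zA-Z0-9+.-]*://)([^/?#]*)(.*)$", Pattern.DOTALL);

    // Returns the URL with the password replaced by "***"; input without a password is returned unchanged.
    // Assumes reserved characters in the password ('/', '?', '#') are percent-encoded, as RFC 3986 requires.
    static String redact(String url) {
        if (url == null) {
            return null;
        }
        Matcher m = URL_PARTS.matcher(url);
        if (!m.matches()) {
            return url; // not a scheme://... URL, e.g. a local file path
        }
        String authority = m.group(2);
        int at = authority.lastIndexOf('@'); // last '@' so a literal '@' inside the password is covered
        if (at < 0) {
            return url; // no userinfo at all
        }
        String userInfo = authority.substring(0, at);
        int colon = userInfo.indexOf(':'); // first ':' separates user from password
        if (colon < 0) {
            return url; // user name only, nothing to mask
        }
        return m.group(1) + userInfo.substring(0, colon) + ":***"
                + authority.substring(at) + m.group(3);
    }

    public static void main(String[] args) {
        // Constructed sample inputs; example.com hosts and credentials are placeholders.
        String[] samples = {
            "sftp://demo:s3cret@sftp.example.com/logs/app.log",
            "sftp://demo:p@ss:word@sftp.example.com:2222/logs/app.log",
            "sftp://demo@sftp.example.com/logs/app.log",
            "sftp://sftp.example.com/logs/file@2x.log",
            "/var/log/app.log"
        };
        for (String s : samples) {
            System.out.println("Loading " + redact(s));
        }
    }
}
```

Calling a helper like this at every point where user-entered URL text is logged keeps the output consistent with the asterisk-masked lines produced after VFS has parsed the URL.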